Vulnerabilities > Westerndigital

DATE CVE VULNERABILITY TITLE RISK
2022-03-30 CVE-2022-22996 Uncontrolled Search Path Element vulnerability in Westerndigital products
The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability.
6.9
2022-03-25 CVE-2022-22995 Link Following vulnerability in Westerndigital products
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files.
network
low complexity
westerndigital CWE-59
7.5
2022-01-28 CVE-2022-22992 Command Injection vulnerability in Westerndigital MY Cloud OS
A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device.
network
low complexity
westerndigital CWE-77
critical
10.0
2022-01-28 CVE-2022-22993 Server-Side Request Forgery (SSRF) vulnerability in Westerndigital MY Cloud OS
A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls.
low complexity
westerndigital CWE-918
8.3
2022-01-28 CVE-2022-22994 Insufficient Verification of Data Authenticity vulnerability in Westerndigital MY Cloud OS
A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call.
network
low complexity
westerndigital CWE-345
7.5
2022-01-13 CVE-2022-22988 Incorrect Permission Assignment for Critical Resource vulnerability in Westerndigital Edgerover 0.25
File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources.
network
low complexity
westerndigital CWE-732
6.4
2022-01-13 CVE-2022-22989 Out-of-bounds Write vulnerability in Westerndigital MY Cloud OS
My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service.
network
low complexity
westerndigital CWE-787
7.5
2022-01-13 CVE-2022-22990 Improper Authentication vulnerability in Westerndigital MY Cloud OS
A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices.
low complexity
westerndigital CWE-287
8.3
2022-01-13 CVE-2022-22991 Command Injection vulnerability in Westerndigital MY Cloud OS
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call.
low complexity
westerndigital CWE-77
8.3
2021-06-29 CVE-2021-35941 Improper Authentication vulnerability in Westerndigital products
Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472.
network
low complexity
westerndigital CWE-287
5.0